• Work directly with the ISSM to ensure customer systems maintain the Authority to Operate (ATO) with security posture in accordance with NIST SP 800-37Rev1&2. • Support customer systems through the Risk Management Framework (RMF) process using NIST SP 800-37 Rev1and Rev2. • Support in developing and maintaining documentation for the Certification & Accreditation (C&A) now the Assessment & Accreditation (A&A) Process based upon the industry and Federal standards.• Manage the Nessus… Show more • Work directly with the ISSM to ensure customer systems maintain the Authority to Operate (ATO) with security posture in accordance with NIST SP 800-37Rev1&2. • Support customer systems through the Risk Management Framework (RMF) process using NIST SP 800-37 Rev1and Rev2. • Support in developing and maintaining documentation for the Certification & Accreditation (C&A) now the Assessment & Accreditation (A&A) Process based upon the industry and Federal standards.• Manage the Nessus scan report for upload into Continuum.• Use Continuum and Xacta to track POA&Ms and Vulnerabilities to ensure compliance of the information system. • Generate POA&Ms for each non-compliant controls for each managed systems.• Manage POA&Ms throughout the lifecycle of the system, including tracking the POA&M’s remediation progress in collaboration with the POA&M POCs.• Ensure POA&Ms and other compliance and vulnerability issues are remediated in a timely manner and provide adequate justifications for unresolved vulnerabilities (waivers).• Manage FISMA scorecards for the information systems, work with applicable POCs to ensure systems meet the passing scores based on FISMA guidelines.• Provide information system audits in the area of security control assessment, system categorization, selection of baseline controls, and ATO documents. • Expertise in National Institute of Standards and Technology Special Publication (NIST SP) documentation: Performed assessments, POAM Remediation, and document creation using NIST SP 800-53 Rev.1 and NIST SP 800-53 rev.4. • Provided services as security controls assessors (SCAs) and perform as an integral part of the Assessments and Authorizations process to include A&A scanning, documentation, reporting and analysis requirements. Analyzed current threats to information security and systems. Analyze security findings and data. Published reports and keeps metrics for client systems. Show less

• Employ NIST SP 800-60 and FIPS 199 to categorize information and information systems to Low, Moderate or High in order to determine the potential adverse impact for each security objective (CIA).• Use Risk Management Framework (NIST 800-37 rev1) to help different system stakeholders to develop and maintain Authorization to Operate (ATO) packages for their information systems such as SSPs, SARs & POA&Ms• Create and review security artifacts such as Contingency plans (CP)… Show more • Employ NIST SP 800-60 and FIPS 199 to categorize information and information systems to Low, Moderate or High in order to determine the potential adverse impact for each security objective (CIA).• Use Risk Management Framework (NIST 800-37 rev1) to help different system stakeholders to develop and maintain Authorization to Operate (ATO) packages for their information systems such as SSPs, SARs & POA&Ms• Create and review security artifacts such as Contingency plans (CP), Contingency Plan Tests (CPT), Configuration Management (CM), Privacy Impact Assessment (PIA), Incident Response (IR) etc., per NIST 800 guidelines for various agencies.• Monitor controls post authorization to ensure continuous compliance with the security requirements by regularly reviewing the Nessus scan results and collaborating with the IT team for mitigation actions. • Troubleshooting functions, installation and checking of the firewalls.• Documentation of attacks and contributing to mitigations for future attacks of a similar nature• Follow Security Operations Center policies of different agencies and procedures for incident reporting and management• Create and review detailed Incident Reports and contribute to lessons learned for continuous improvement• Monitor open source and commercial threat intelligence, new vulnerabilities, software weaknesses, and other potential threats through continuous testing using SIEM software. • Trained and guide clients using (NIST 800-37 rev1) on the process of obtaining and maintaining Authorization to Operate (ATO) and the required security documentation.• Host and facilitate kick-off meetings and presentations with system stakeholders/clients on the operational security posture for the systems in their purview and on security related policies. Show less

• Worked with Assessment and Authorization team; to perform risk security control assessments (SCAs), update System Security Plans (SSP), Contingency Plans (CP), and Plan of Actions and Milestones (POA&M).• Reviewed and interpreted the vulnerability scanned reports, created, tracked and closed POA&M on the weaknesses.• Employed applicable NIST documents to develop ATO package documents such as SSP, SAR and POA&M, RA, MOUs/ISAs for information systems to ensure they are in compliance… Show more • Worked with Assessment and Authorization team; to perform risk security control assessments (SCAs), update System Security Plans (SSP), Contingency Plans (CP), and Plan of Actions and Milestones (POA&M).• Reviewed and interpreted the vulnerability scanned reports, created, tracked and closed POA&M on the weaknesses.• Employed applicable NIST documents to develop ATO package documents such as SSP, SAR and POA&M, RA, MOUs/ISAs for information systems to ensure they are in compliance with organization’s information security requirements.• Conducted in-house Security Control Assessment (SCA) using NIST 800. 53A rev4 in preparation for the external auditor’s assessment of the security controls.• Worked with system engineers and stakeholders for the continuous monitoring of the system security controls in order comply with post ATO requirements.• Primarily responsible for researching and evaluating relevant information security policies, guidance, and best practices, including NIST, FISMA, and OMB circulars for applicability to IT systems security. Show less

• Performed Software/Hardware installation, Maintenance, repair, Update and testing.• Performed routine troubleshooting of connectivity, authentication, Password reset issues etc., for the organization.• Scheduled, conducted and attended security briefings for the organization in consultation with the IT supervisor, IT Manager, Information System Security Manager (ISSM). • Scheduled and attended weekly meetings for audits, (Plan Of Action & Milestone) POA&M findings and after action… Show more • Performed Software/Hardware installation, Maintenance, repair, Update and testing.• Performed routine troubleshooting of connectivity, authentication, Password reset issues etc., for the organization.• Scheduled, conducted and attended security briefings for the organization in consultation with the IT supervisor, IT Manager, Information System Security Manager (ISSM). • Scheduled and attended weekly meetings for audits, (Plan Of Action & Milestone) POA&M findings and after action review• Created, tracked and updated relevant security documents such as Contingency Plans (CP), Incident Reports (IR) and POA&M, based on the organization handbook.• Resolved and updated IPS and IDS reports in a timely manner but in consultation with the IT supervisor and managers. • Reviewed and recommended NIST and FIPS documents for adoption as organization’s security documents in addition to that International Organization for Standardization (ISO). Show less